Protective enclosure for a computer system

ABSTRACT

The invention relates to an apparatus which enables, via an elementary manipulation, protection against access to and destruction of data contained in a computer system or deactivation of such protection. The protected computer system may include a housing of a central processing unit (CPU) with its memories, the housing being separate from data access devices. The CPU and memories are connected to the data access devices by connectors which are external to the housing. The housing is defined by an enclosure (18) provided with at least one door or the like. Advantageously a plurality of housings may be defined in the enclosure, each of which housings can benefit from the inventive apparatus. Closing of the door causes a multipolar switch (28) to open, which switch is electrically connected between: 
     links connected to the data access devices located outside the housing; 
     connectors of/from the housing which connectors are to be protected. 
     The door can be closed while still permitting operation of the devices stored in the housing. Reopening of the door causes the contacts of the switch to close, and allows the exchange of data to resume.

BACKGROUND OF THE INVENTION

The invention relates to protection of computer systems. Moreparticularly, it relates to an apparatus which can be directlyassociated with a computer system prior to or during installation of thesystem, to protect the system against possible fraudulent use, damage,and/or tampering, by outside persons or influences.

Computers are currently in wide use, and consequently the informationcontained in them is increasingly important, as is the need to keep itconfidential.

Accordingly, in most cases computer systems need reliable and effectivemeans of protection. Examples of target systems are those operating inthe scientific and security areas, and in offices involved in companymanagement, such as accounting, payroll, inventory management,commercial trading, etc.

A great deal of study has been devoted to reliable prevention of:"leakage" of information, fraudulent use of information, and sabotage.

The research on data protection has been directed along two principallines:

more or less complete physical protection of the computer system; and

"intellectual" protection of the contents of the computer system.

By "physical protection" is meant the use of an apparatus or other meanswhich enable physical isolation of the parts of the system containingthe information sought to be protected, or blocking of the physicalmeans of access to such information. This type of apparatus or othermeans is intended to prevent theft or unauthorized use of information,and also any risk of damage by environmental influences such as heat,dust, fire, and/or water.

Cabinets, disk files, and other containers for diskettes, provided witha key lock or other entry control device, do not provide reliablemechanical resistance to unauthorized entry or use. Moreover, often theyare stored in office rooms along with other documents without particularselectivity and without protection over and above that afforded toordinary items. As a result, they can be easily removed by a thief,along with their contents, particularly since they generally are ofsmall dimensions. Of course, the theft of the data storage media andcontainers themselves is generally not of high economic impact. Instead,the more serious impact results from the loss of information.

Operators regard these "protective" measures as onerous, and in practicethe measures tend to be implemented only in the case of a prolongedabsence of the operator.

It is also known to employ removable hard disks to store basic data.Their drawbacks are that they are costly and of generally low speed, andfurther that they only offer protection if stored in a reinforcedcabinet at the end of each work session. The technique requirescumbersome manipulations, and necessitates interruption of work inprogress. Consequently it tends to be employed only in the case of aprolonged absence, similarly to the abovementioned measures.

Other means of protection have been considered for specificapplications, such as key means to lock the keyboard, anti-theftmarkings, brackets to fix equipment to the support on which it is held,etc. These types of protection are effective only under limitedcircumstances.

In this connection one might mention boxes and cabinets which areshielded and/or are provided with fire resistance means. These aregenerally used for storing disks, diskettes, cassettes, and magnetictapes.

It would be impractical to also store the essential equipment (e.g.central processing unit (CPU), monitor, keyboard, etc.) in suchenclosures.

Existing CPUs generally comprise a housing fixed to a chassis by screws,and have one or more front ports for diskette readers or cassetteplayers. The connection between the keyboard and the CPU is establishedby a relatively simple key lock. Unfortunately, even if the key is usedconscientiously to isolate the keyboard, the housing can be opened viathe screws, and access thereby can be obtained to the interiorcomponents, particularly the switches. In this way, switches can beshorted to avoid the protective means; and no special equipment isneeded for this. Furthermore, the described protection means are merelyphysical and only relate to the contents of the housing. Among otherthings, no specific protection is afforded to the printers.

With the aim of providing physical protection which is morecomprehensive and effective, it has been proposed to enclose thecomputer and its associated elements in a special mobile containerhaving a key lock. In this regard, Eur. OS 0,172,762 describes anassembly which is comprised of

a plate on which the CPU and the computer monitor are disposed, and

articulated walls which enable one to enclose the CPU, monitor, andkeyboard in a container by folding-over the walls and sliding themtoward the bottom of the container. When the operator wishes to beginwork, he must "set up" his equipment, i.e. he must open the container,raise the CPU and monitor to the desired height, position the keyboard,and possibly position various retractable document support surfaces,etc. Then when finished working he must perform these operations inreverse; indeed, for effective protection the operations must beperformed each time the operator leaves his post. It is seen that fromthe practical standpoint, the obstacles to success are formidable,because the sequence of operations is tedious and time-consuming, inaddition to the fact that it interrupts work in progress.

Other furniture items and integrated computer stations have beenproposed, but these too are time-consuming to implement. In general theyhave the same drawback that they leave the front panel free whereby thediskette- or cassette drive(s) can be accessed. This drawback of theformerly proposed systems is problematic in that, in the case ofsoftware-based protection systems, a person can evade the protection byinterrupting and then reestablishing the power supply, causing theoperating system to re-boot. The person can then intervene by inputtinginformation.

To summarize: All of the known apparatuses intended to provide physicalprotection to a computer system are found to be time-consuming andimpractical to use, and likewise fail to meet the esthetic criteriaoften desirable in a work environment. Moreover, their most importantdrawback is their limited effectiveness which owes to the fact that theystill leave the operating system and/or the monitor and/or the printeraccessible to unauthorized persons such as persons passing through theoffice.

Faced with these deficiencies, the approach of more recent studies hasbeen to try to develop more advanced software-based protection. Thistype of protection is in the "intellectual protection" categorymentioned above, in particular, neutralization of electronic access tothe information.

"Intellectual protections" may be divided into three categories:apparatus employing a password, apparatus employing data encryption, and"anti-virus" programs.

In the first category, a password is employed to control access to anoperating system or a given application, locally or on a network. Thismethod of protection requires rigorous control. Experience shows that apassword deemed secret tends to become known to numerous unauthorizedpersons, either because the password is simple (a date of birth, firstname, etc.) or due to an annotation of the password which is accessibleor is thinly disguised and thus easy to figure out, or even by reason ofcloseness to another password. In order to be properly effective, anapparatus employing passwords must require use of the password wheneverthe operator leaves his post. Thus for protection to be effective, theoperator must terminate any operation in progress whenever he leaves hispost. This is extremely constraining, and causes substantial loss oftime, such that eventually the operator tends to only use the passwordwhen he will be absent for a prolonged period. Nonetheless, passwordprotection is of value when combined with other means.

Data encryption means render data unintelligible by the ordinary meansof the operating system. Their purpose is to protect the data proper butnot the programs which process the data. Their preferred domain is thusthe processing of data. Data encryption may also be employed tointroduce a certain "resistance" to accidental loss of data.Nonetheless, the technique retards data transfer. Moreover, in order tobe utilized, the equipment must be provided with an encryption algorithmand the codes therefor; this renders the method vulnerable and lowersthe degree of security provided. Encryption has spawned a corps ofdecryption specialists who neutralize the encryption by employingmathematical decryption techniques. Accordingly, only relativelyvulnerable encryption systems are currently in the public domain, whilemore sophisticated systems are reserved for very few specificapplications such as defense classified information.

Recently, a new menace has appeared, the computer "virus". This is aprogram which "infects" existing programs in a given computer system.The "infection" can then be transmitted to other files. The deleteriouseffects of viruses can cause unexpected reactions in the system or theappearance of spurious messages. More seriously, viruses can partiallyor entirely destroy or modify data and programs. Viruses also can bedevised to release confidential information to a spy. In order to guardagainst this new type of invasion and sabotage, "anti-virus" programshave been developed to protect computer systems by detecting thepresence of viruses in executable files, under a regime of monitoringand control which can be varied to operate continually or upon commandor upon each transfer of data to or from the outside, or systematicallyin the final phase of a system shutoff. However, these "anti-virus"programs only protect in specific cases--when the means for detecting ofa virus have become known, the authors of the virus find new ways toevade such means.

Based on the preceding, it may be stated that protection software, whichprovides only "intellectual" and not physical protection, is vulnerableto evasion by specialists, be they professional or amateur. Nonetheless,protection software is a useful technique to be used in combination withother means, particularly when the system is connected to a network.However, the fact that such software is slow and is difficult and costlyto adapt often serves to limit its application. In general, successfuluse of such software requires at least one computer programmer to dealwith incompatibilities which can arise with the application software inuse.

Eur. OS 0,235,615 discloses a security apparatus having a locking key onthe housing of the CPU, which key operates a switch which blocks thediskette drive, thereby completely blocking operation of the computer.

Ger. Gbm. 89 11 024.2 teaches the concept of enclosing the CPU in ahousing having openings for ventilation and for passage of connections.A trapdoor or sliding door providing access independent from that of theprincipal opening of the housing is provided to provide access to a keyfor starting the CPU, or access to a switch. The computer is allowed tofunction fully or not at all. There is no option of allowing thecomputer to operate without providing access to data.

The present invention remedies the above-described drawbacks byproposing an effective protective apparatus for computer systems, whichapparatus is simple and easy to install and use, and which in particularenables protection from unauthorized access to data, but withoutinterrupting operation of the CPU. It additionally enables protection ofthe hardware and other equipment against theft and against aggression byenvironmental influences such as heat, dust, fire, water, etc.

Toward this end, a principal feature of the present invention is aprotective enclosure for a computer system, for protecting the computersystem by confinement, which computer system comprises at least onecentral processing unit (CPU) and input/output peripherals comprising:

a display element,

means for gaining access to data, and optionally

a device for printing data.

The enclosure comprises enclosure means equipped with a door or thelike, which enclosure means are intended to house and confine at leastone CPU of the computer system. The enclosure further comprises meansfor locking and unlocking transmission of a signal, whichlocking/unlocking means are associated with the enclosure means, toneutralize electronic access to the data contained in the computersystem.

The means for gaining access to the data are disposed outside of theenclosure. The door or the like has closing means which, upon actuation,actuates the locking means, which locking means have at least onecontact controlled by the door or the like of the enclosure. The contactis intended to control a security circuit which comprises a switchdisposed in at least one of the links which connect the input/outputperipherals to the CPU. The switch is connected so as to neutralize onlythe means for gaining access and not operation of the CPU.

According to other preferred embodiments of the present invention:

The means for gaining access to data comprise a keyboard;

The enclosure means are designed to also enclose one or more elementsassociated with the computer system;

The enclosure means are supplied with external connectors which enableconnection to at least one peripheral device;

The security circuit is connected to the means for gaining access to thedata;

The computer system further comprises a printer element for printingdata, disposed outside the enclosure, and the security circuit isconnected to this printer element;

The security circuit is connected to the display element;

The security circuit is independent of the computer system;

The security circuit comprises a switch disposed in the link connectingthe means for gaining data access to the CPU and;

The door or the like is furnished with mechanical means for locking andunlocking, and electronic control means are associated with thesemechanical means.

The invention will be better understood with the aid of the followingdetailed description of an exemplary embodiment, with reference to theaccompanying drawings. The exemplary embodiment is offered for thepurpose of illustration and does not limit the scope of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic view of an apparatus according to the invention,in an open condition wherein access is permitted to the data containedin the computer system; and

FIG. 2 is a schematic view of an apparatus according to the invention,in a closed condition wherein access to the data contained in thecomputer system is prevented.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The protective apparatus according to the invention is described in thecontext of a computer system comprised of a CPU 10 having diskettereaders, a monitor 12, a keyboard 14, and a printer 16.

The invention comprises protective enclosure means which protect byconfinement, wherewith the apparatus comprises an enclosure 18 furnishedwith a door 20. A CPU 10 is placed inside the enclosure. The videomonitor 12, keyboard 14, and printer 16 are disposed outside theenclosure 18.

Of course, one may elect to place the monitor 12 and/or printer 16 inthe enclosure 18. However, in an office where space is at a premium andpractical considerations are important, the user's keyboard and monitorwill be disposed facing him at his work location, and the printer willtypically serve a number of work locations in common. Accordingly, itmay be preferable to place only the CPU(s) in the enclosure.

The enclosure 18 is furnished with one or more exterior connectorsenabling connection to peripheral units. By "peripheral units" here ismeant a keyboard, a monitor, a printer, communication lines, etc.

As may be seen from FIG. 1, the door 20 of the enclosure 18 is providedwith mechanical locking/unlocking means 22 which are per se known andwhich comprise

means for maneuvering lock bolts 24 and

a keyhole 26 shown in FIG. 2.

Contacts are provided which connect to the CPU 10 and to each of theperipherals the use of which peripherals is sought to be controlled atwill by the user. At least one contact is provided which is governed bythe door 20. The contacts may be of the classical variety or may beoptically mediated.

As a result, it is possible to put a security mode into effect by themere act of closing the door 20. When one closes the door 20 (FIG. 2),the mechanism 22 causes a switch 28 disposed inside the enclosure 18 tobe opened, which in turn prevents electronic access to the datacontained in the computer system. Thus, the keyboard 14 is disconnectedfrom the CPU 10 by neutralization of the link 30, such that depressionof the keys of the keyboard no longer has any effect.

Further, the display on the monitor 12 disappears due to neutralizationof the link 32, and the printing of documents is interrupted due toneutralization of the link 34.

In the case described here, a single multipolar switch 28 has beenprovided, for controlling the keyboard, monitor, and printersimultaneously. It is seen in FIG. 1 that the links 30, 32, and 34 areconnected to this single switch.

In alternative embodiments, a plurality of switches may be provided, tocontrol certain functions selectively. In certain cases, for example,one may not wish to neutralize anything more than the keyboard. Thisenables interdiction of access to information while still allowingprinting of data and/or of operating messages on the monitor.

One might mention here that the neutralization is only for low-currentlinks (lines 30, 32, and 34), and not for the power lines themselves ofthe peripherals. The advantage of this is that it avoids loss of timedue to a restart of the peripherals, e.g. warmup of the monitor before adisplay can appear thereon.

Finally, when the reverse manipulations are performed (unlocking of thelock 26 by means of a key, e.g. a plunger-type key), the door 20(FIG. 1) is opened and thereby access to data is reestablished. Thissignifies that the CPU 10 is again physically and electronicallyaccessible, and in particular that operations can be commanded byactuating elements of the keyboard 14. Further, if the monitor 12 andprinter 16 have been neutralized, the display of data and the printingfunctions are reestablished.

Moreover, programs started before the enclosure 18 was closed can becontinued without interruption during the security mode.

Thus, long processing tasks can be carried out without requiring thepresence of the user and without risking accessibility of the computersystem to malefactors or unauthorized persons.

Moreover, the neutralization of the display of information on themonitor deprives an interloper of the information and prevents him fromfraudulently operating the keyboard. Consequently the results of suchcomputer operation will not be disclosed to the interloper, nor will anydata, even if he does succeed in accessing programs and/or data records.

The invention affords the advantage of being a simple and totalsolution, in that when the computer system is placed in the securitymode by closing the door it still allows

continuation of processing already in progress,

initiation of certain processes such as making a back-up copy of work inprogress or termination of work previously started, or

other commands specific to the program employed.

Consequently, one can automatically initiate the security mode for thecomputer system data even if the user is in a hurry to leave, becausethe user's only necessary act is to simply close the door of theenclosure, and no other specific precautions with respect to thecomputer system are required.

Other means may be employed to control locking and unlocking of the door20 of the enclosure 18. For example, electronic means such as magneticcards or combinations such as those used on safes could be used.Depending on the importance of the information contained in oraccessible by the computer system, one may prefer not to employ externalmeans which can be readily compromised, for example, by a spotter, or byuse of mnemonic aids for remembering a combination. In particular, thiswould be done in order to reduce the risk of loss, theft, orunauthorized use of the information (particularly such use as would notbe subsequently be detected by an authorized user).

Generally, the locking means and/or neutralizing means used areadvantageously of a type which is quick and easy to implement by theauthorized persons.

A security circuit was described above which comprises a switch;however, other known types of security circuits may be adapted to theinventive apparatus.

Depending on the application of the invention, one may use a securitycircuit which is completely independent of the computer system inquestion or one which functions by means of the computer system.

The examples given hereinabove are in no way exhaustive, and, dependingon the requirements presented and the means at hand, one skilled in theart may adapt the protection to be more or less complex and/or more orless selective. The inventive apparatus is modifiable according to theparticular needs of the user.

In order to avoid disconnecting the cables connecting the protectedcomputer system to the selected peripherals when the door 20 is closed,advantageously one may provide interior channels for passage ofconnecting cables to the peripherals. Preferably, the configuration ofthese channels is in a "U" shape, and preferably obstacles, such ascrimping plates, are provided to prevent the introduction of variousobjects from the exterior, incursions of fluid or fire, etc.

With the aim of improving the protection of the computer system againstaggression by external influences, there is additionally provided aventilation means which brings in, for example, external air, passes itthrough a filter, and blows it into the bottom of the interior of theenclosure 18, thereby maintaining the enclosure at a slight overpressurewith respect to the surroundings when the door 20 is open in order tolimit the entrance of dust. This overpressure may also be used for otherpurposes. Contrary to the exemplary embodiment described above, theremay be cases when one does not want automatic or embodiment closing ofthe door. In such cases, the overpressure prevents accidental closing ofthe door.

It is known that computer hardware and its components are sensitive toheat and to temperature variations. Accordingly, in order to maintain anatmosphere which is as stable as possible, the external air drawn in isblown into the interior of the enclosure 18 through a cooling grid (notshown) of a cooling unit which has its exhaust heat exchanger locatedoutside the enclosure 18. One may also provide a flexible tubepermitting intake of cold air at a distant point, for example, in aventilation conduit of a technical station containing the networkservers. Other temperature control means may be associated with theenclosure 18 as well.

The enclosure 18 may also be shielded with cladding or the like, or maybe constructed with fire resistant materials. Further, it may containmeans for automatically detecting fire, which means, for example, shutoff the electrical power to the equipment associated therewith whenthere is smoke in the enclosure, and which in a separate phase actuatefirefighting means such as cylinders containing carbon dioxide, otherinert gas, or other fluid media, in accordance with applicableregulations.

One may also supply the walls of the enclosure 18 with decorative panelsin order to meet aesthetic criteria which are often important in workenvironments, particularly in offices. The enclosure 18 may also behidden, for example, under a desk.

Shelves (36, 38) are provided in the interior of the enclosure 18, aboveand below the CPU 10, respectively, to accommodate elements associatedwith the computer system, such as diskettes, operating manuals,confidential documents, programs, safeguards, source codes, andlistings. Of course, other elements may be stored as well, depending onthe needs of the user.

Depending on the location or situation of the computer system, the risksfaced, and the degree of protection desired, the enclosure 18 may beequipped with additional optional accessories. Thus, one may providemeans on the walls of the enclosure which facilitate attachment of theentire enclosure by one or more points to fixed exterior structures,such as floors, walls, chassis, etc.

The exterior of the enclosure may also have signaling means of varioustypes employing luminous or audible signals to indicate, e.g., that theenclosure is supplied with electric power or ventilation, that thetemperature of the outlet air is excessive, that smoke or incipient fireis present, etc.

The inventive apparatus provides the following advantages:

It provides means for protection which are effective while being simple,easy, and fast to implement, and which enable the operator to gainaccess in a single manipulation to the use of the computer and all ofthe related support components;

The protection can be actuated without interrupting operations inprogress, contrary to the situation with most apparatuses and means inthe prior art. Consequently, when the door is reopened the computersystem is restored to its prior state which prevailed before the doorwas closed, with the exception of operations in progress which wereallowed to continue during the absence of the operator;

Actuation of the apparatus does not require a significant amount oftime, nor does it require complex procedures. Because of the greatlyreduced number of manipulations compared to prior known apparatuses, theinvention avoids the risk that the protection will tend to be used onlysporadically (e.g., only in cases of prolonged absence of the user).Thus the invention constitutes an inducement for the user to storesensitive materials and to pursue security measures;

The inventive apparatus can be installed at the time the computer systemitself is installed, or in an existing computer installation. In thelatter case, adaptation of the inventive apparatus does not presentparticular costs above those for other apparatuses which are lesseffective;

The apparatus does not occupy space which encroaches upon the usual workspace because the apparatus is integrated into the usual work space. Inaddition, it provides a secure storage space which can accommodate otherobjects which are customarily poorly protected;

The reliability of the computer hardware is enhanced by decreasing itsexposure to dust, thermal shock, etc., such that deterioration of thecomputer hardware due to soiling is substantially limited.

In the security mode, only the parts not containing data remainaccessible;

The working conditions for the user can be improved by reducing theamount of noise from the computer, improvement in tidiness, etc.;

From the practical and general characteristics of the inventiveapparatus, its effectiveness, and the continuing strong growth of themicrocomputer sector, one may predict that the inventive apparatus canand will be economically fabricated in serial production, resulting inlow capital cost for the user;

Because of the inaccessibility of the peripherals for entering data andcommands, and particularly the neutralization of the functions of thekeyboard disposed externally of the enclosure and the neutralization ofthe monitor (which serves to "blind" an unauthorized person), theprotected information itself is inaccessible, and any unauthorizedmanipulation, particularly infection with a virus, is made impossible;

The level of security provided for data is the same regardless of thedata storage medium (hard disk, diskettes, volatile memory, writtendocuments, etc.).

I claim:
 1. A protective enclosure for a computer system, to protectsaid computer system by confinement, which computer system comprises atleast one central processing unit (CPU) and input/output peripheralscomprising at least two ofa display element, means for gaining access todata, and a printer device for printing data,wherein said protectiveenclosure comprises: enclosure means equipped with a door or the like,which enclosure means house and confine at least one of said at leastone CPU of said computer system, and means for locking and unlockingtransmission of a signal, which locking/unlocking means are associatedwith said enclosure means, to neutralize electronic access to the datacontained in the computer system,wherein said means for gaining accessto the data are disposed outside the enclosure; said door or the likehaving closing means which, when actuated, actuates said means forlocking/unlocking, said means for locking/unlocking having at least onecontact controlled by the door or the like of said enclosure, saidcontact being arranged so as to control a security circuit, saidsecurity circuit comprising a switch disposed in at least one of aplurality of links which connect said input/output peripherals to theCPU, such that when said closing means is closed said switch neutralizesonly the means for gaining access to data and not operation of the CPU.2. An apparatus according to claim 1; wherein the means for gainingaccess to data comprise a keyboard.
 3. An apparatus according to claim1; wherein the enclosure means are designed so as to accommodate andalso enclose one or more elements associated with the computer system.4. An apparatus according to claim 1; wherein the enclosure meansinclude exterior connectors which enable connection to at least oneperipheral device.
 5. An apparatus according to claim 1; wherein theswitch is disposed in CPU to a line connecting the means for gainingaccess to data in the CPU.
 6. An apparatus according to one of claims1-4; characterized in that the door (20) or the like is furnished withmechanical means of locking and unlocking (22), and electronic controlmeans are associated with these.
 7. An apparatus according to one ofclaims 1-6; characterized in that the switch (28) is disposed in thelink (30) connecting the means of data access (14) to the CPU (10).